Elements and Performance Criteria
- Determine risk management system requirements.
- Risk management context is determined.
- Relevant documentation and legislative requirements are reviewed to identify critical requirements of risk management strategy.
- Resource requirements to facilitate achievement of risk management goals and objectives are identified and arranged.
- Roles and responsibilities associated with implementing risk management activities are established according to risk management strategy.
- Organise support processes.
- Consultative processes are used to determine individual professional development requirements.
- Risk management processes requiring specialist support are identified and personnel or finance support is sought as required.
- Systems to encourage communication flow and feedback are established and maintained to ensure an accurate exchange of information between relevant people.
- Administrative processes are analysed to ensure outcomes are accurately reported and recorded.
- Assessment criteria for measuring level of potential or existing risk and assessment of consequences are developed.
- Monitor and maintain system.
- Risk management system is systematically evaluated to maintain consistency and meet relevant legislative and organisational requirements.
- Factors affecting achievement of risk management strategies are identified and required variations are negotiated and agreed.
- Information, costs and statistics relating to risk management system are collected and analysed.
- Audits of implementation of treatments of risks are arranged according to risk management system requirements.
- Changes to operating environment and risk or threat to assets are monitored on an ongoing basis, and corrective measures are identified and implemented according to risk management plan.
- Review and report on system.
- Risk management plan is reviewed against established criteria to improve and modify future risk assessment practices.
- Evaluation processes are implemented that incorporate strategies for review, evaluation and comparison of risk management strategies and processes, according to risk management plan.
- Feedback regarding satisfaction with risk assessment practices is collected, analysed and included in evaluation process.
- Business continuity plan covering all aspects of continuity cycle is developed.
- Findings of analysis of risk management system are incorporated into business continuity plan.